SprintDraft
Sign inStart free

SprintDraft Legal

Privacy Policy

Last updated: April 25 2026

This policy explains what data SprintDraft Ltd (“SprintDraft”, “we”) collects when you use sprintdraft.com or the SprintDraft browser extension, why we collect it, and what your rights are. If anything here is unclear, email privacy@sprintdraft.com.

1. Who we are

SprintDraft Ltd is a company registered in England and Wales. Our registered contact address is available on request. For privacy matters, reach us at privacy@sprintdraft.com.

2. Data we collect

We collect the minimum data required to deliver SprintDraft to you.

  • Account data: email address, full name, role (BA, QA, Product Owner, Career Switcher, Contractor), and the password hash used to authenticate you.
  • Subscription data: if you upgrade to Pro, we store your Stripe customer ID and subscription identifiers. We do not store card numbers; payment details are held by Stripe under their own terms.
  • Generation data: the input you paste into the generate panel, the artefact we produce in response, and metadata such as the artefact type and any project profile you attached.
  • Product analytics: anonymised usage events (page views, generation events, feature interactions) used to improve the product. No raw input or output is sent to analytics.
  • Diagnostic data: error reports captured by our error monitoring provider when something goes wrong. Error reports do not include your generation content.

3. How we use your data

  • To authenticate you and run the SprintDraft service.
  • To process payments and manage your subscription.
  • To generate and store the artefacts you create, and to make your library available across sessions and devices.
  • To send transactional email (welcome, payment notifications, account changes). We do not send marketing email without explicit opt-in.
  • To improve product quality through anonymised usage analytics and aggregated metrics.
  • To meet legal, tax, and audit obligations.

4. Model providers and your input

SprintDraft uses third-party model providers to generate artefacts. The text you submit and the output produced are sent to a provider for the duration of the generation request only. Your input and output are not used by us, or by our providers, to train any model. We hold provider agreements that explicitly prohibit training on customer data.

5. Where your data is stored

Account data and saved artefacts are stored in our managed PostgreSQL database hosted in the European Union. Backups are encrypted at rest. Stripe handles all payment data; their data residency policy applies to that subset.

6. How long we keep your data

  • Account data: kept while your account is active and for 30 days after deletion to allow recovery.
  • Generation data: kept for as long as you keep the artefact saved in your library. Unsaved generations are kept for 30 days for audit purposes, then permanently deleted.
  • Subscription data: retained for 7 years to meet UK accounting and tax requirements.
  • Diagnostic data: retained for 30 days, then permanently deleted.

7. Your rights under GDPR

You have the right to access, correct, export, or delete your personal data, and the right to object to processing. To exercise any of these rights, email privacy@sprintdraft.com. We respond within 30 days, usually within two working days.

Account deletion permanently removes your profile, your saved artefacts, and your authentication record. Backups are purged within 30 days of deletion.

8. Cookies

SprintDraft uses a minimal set of first-party cookies to keep you signed in and to remember basic preferences. We do not use third-party advertising cookies. A cookie banner will be added before the public launch and any non-essential cookies will require explicit consent.

9. Sub-processors

We use the following sub-processors to deliver SprintDraft: Supabase (database and authentication), Stripe (payments), Resend (transactional email), PostHog (anonymised product analytics), Sentry (error monitoring), Vercel (hosting). Each sub-processor handles data only for the specific purpose listed.

10. Children

SprintDraft is a professional tool. The service is not directed at children under 16 and we do not knowingly collect data from anyone under 16.

11. Changes to this policy

We will update this policy as the product evolves. The “last updated” date at the top of the page reflects the most recent change. Material changes will be communicated by email to active subscribers.

12. Complaints

If you have a complaint about how we handle your data, please email us first. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

Back to sprintdraft.com